AWS cli documentation change
Summary
Added new parameters --asset-permissions and --asset-scopes with detailed permission structures, expanded subscribedPrincipals to include group/user types with IAM/SSO details, and updated CLI version reference
Security assessment
The changes add documentation for granular asset permissions (including S3 READ/WRITE controls) and expanded principal types with authentication details. While these are security-related features, there is no evidence of addressing a specific vulnerability. The changes improve access control documentation but don't reference any security incidents.
Diff
diff --git a/cli/latest/reference/datazone/create-subscription-request.md b/cli/latest/reference/datazone/create-subscription-request.md index e66135e18..60d56ff1f 100644 --- a//cli/latest/reference/datazone/create-subscription-request.md +++ b//cli/latest/reference/datazone/create-subscription-request.md @@ -15 +15 @@ - * [AWS CLI 2.31.35 Command Reference](../../index.html) » + * [AWS CLI 2.31.37 Command Reference](../../index.html) » @@ -66,0 +67,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/datazo + [--asset-permissions <value>] + [--asset-scopes <value>] @@ -96,0 +99,107 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/datazo +`--asset-permissions` (list) + +> The asset permissions of the subscription request. +> +> (structure) +> +>> The asset permissions. +>> +>> assetId -> (string) [required] +>> +>>> The asset ID as part of the asset permissions. +>>> +>>> Constraints: +>>> +>>> * pattern: `^[a-zA-Z0-9_-]{1,36}$` +>>> + +>> +>> permissions -> (tagged union structure) [required] +>> +>>> The details as part of the asset permissions. +>>> +>>> ### Note +>>> +>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `s3`. +>>> +>>> s3 -> (list) +>>> +>>>> The S3 details of the asset permissions. +>>>> +>>>> (string) +>>>> +>>>>> Possible values: +>>>>> +>>>>> * `READ` +>>>>> * `WRITE` +>>>>> + + +Shorthand Syntax: + + + assetId=string,permissions={s3=[string,string]} ... + + +JSON Syntax: + + + [ + { + "assetId": "string", + "permissions": { + "s3": ["READ"|"WRITE", ...] + } + } + ... + ] + + +`--asset-scopes` (list) + +> The asset scopes of the subscription request. +> +> (structure) +> +>> The accepted asset scope. +>> +>> assetId -> (string) [required] +>> +>>> The asset ID of the accepted asset scope. +>>> +>>> Constraints: +>>> +>>> * pattern: `^[a-zA-Z0-9_-]{1,36}$` +>>> + +>> +>> filterIds -> (list) [required] +>> +>>> The filter IDs of the accepted asset scope. +>>> +>>> (string) +>>> +>>>> Constraints: +>>>> +>>>> * pattern: `^[a-zA-Z0-9_-]{1,36}$` +>>>> + + +Shorthand Syntax: + + + assetId=string,filterIds=string,string ... + + +JSON Syntax: + + + [ + { + "assetId": "string", + "filterIds": ["string", ...] + } + ... + ] + + @@ -256 +365,15 @@ JSON Syntax: ->> This is a Tagged Union structure. Only one of the following top level keys can be set: `project`. +>> This is a Tagged Union structure. Only one of the following top level keys can be set: `group`, `project`, `user`. +>> +>> group -> (structure) +>> +>>> The subscribed group. +>>> +>>> identifier -> (string) +>>> +>>>> The ID of the subscribed group. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$` +>>>> + @@ -270,0 +394,14 @@ JSON Syntax: +>> +>> user -> (structure) +>> +>>> The subscribed user. +>>> +>>> identifier -> (string) +>>> +>>>> The ID of the subscribed user. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$` +>>>> + @@ -275 +412 @@ Shorthand Syntax: - project={identifier=string} ... + group={identifier=string},project={identifier=string},user={identifier=string} ... @@ -282,0 +420,3 @@ JSON Syntax: + "group": { + "identifier": "string" + }, @@ -284,0 +425,3 @@ JSON Syntax: + }, + "user": { + "identifier": "string" @@ -660,0 +804,21 @@ subscribedListings -> (list) +>>>> +>>>> permissions -> (tagged union structure) +>>>> +>>>>> The asset permissions. +>>>>> +>>>>> ### Note +>>>>> +>>>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `s3`. +>>>>> +>>>>> s3 -> (list) +>>>>> +>>>>>> The S3 details of the asset permissions. +>>>>>> +>>>>>> (string) +>>>>>> +>>>>>>> Possible values: +>>>>>>> +>>>>>>> * `READ` +>>>>>>> * `WRITE` +>>>>>>> + @@ -798 +962,27 @@ subscribedPrincipals -> (list) ->> This is a Tagged Union structure. Only one of the following top level keys can be set: `project`. +>> This is a Tagged Union structure. Only one of the following top level keys can be set: `group`, `project`, `user`. +>> +>> group -> (structure) +>> +>>> The subscribed group. +>>> +>>> id -> (string) +>>> +>>>> The ID of the subscribed group. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$` +>>>> +